Configurable endpoints

In AWS IoT Core, you can use domain configurations to configure and manage the behaviors of your data endpoints. With domain configurations, you can generate multiple AWS IoT Core data endpoints, customize these data endpoints with your own fully qualified domain names (FQDN) and associated server certificates, and also associate a custom authorizer. For more information, see Custom authentication and authorization.

Note

This feature is not available in GovCloud AWS Regions.

Domain configurations use cases

You can use domain configurations to simplify tasks such as the following.

• Migrate devices to AWS IoT Core.

• Support heterogeneous device fleets by maintaining separate domain configurations for separate device types.

• Maintain brand identity (for example, through domain name) while migrating application infrastructure to AWS IoT Core.

Important notes for using domain configurations in AWS IoT Core

AWS IoT Core uses the server name indication (SNI) TLS extension to apply domain configurations. Devices must use this extension when they connect to AWS IoT Core. They also must pass a server name that is identical to the domain name that you specify in the domain configuration. To test this service, use the v2 version of the AWS IoT Device SDKs in GitHub.

If you create multiple data endpoints in your AWS account, they will share AWS IoT Core resources such as MQTT topics, device shadows, and rules.

When you provide the server certificates for AWS IoT Core custom domain configuration, the certificates have a maximum of four domain names. For more information, see AWS IoT Core endpoints and quotas.

In this chapter:

• Creating and configuring AWS managed domains
• Creating and configuring custom domains
• Managing domain configurations
• Configuring TLS settings in domain configurations
• Server certificate configuration for OCSP stapling